From 1aef3fb9c8f1b5b5bb6a53ed6c4d33ec59d3360a Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Mon, 23 Jun 2014 08:03:27 +0200 Subject: [PATCH] WHATSNEW: Add release notes for Samba 3.6.24. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10633 CVE-2014-0244: nmbd denial of service Bug: https://bugzilla.samba.org/show_bug.cgi?id=10654 CVE-2014-3493: Segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler because push_ascii() has returned(uint32_t)-1 via srvstr_push(), incrementing p by 4GB Signed-off-by: Karolin Seeger --- WHATSNEW.txt | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 717b7ce3d8e..aa57ee55a12 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,61 @@ ============================== + Release Notes for Samba 3.6.24 + June 23, 2014 + ============================== + + +This is a security release in order to address +CVE-2014-0244 (Denial of service - CPU loop) and +CVE-2014-3493 (Denial of service - Server crash/memory corruption). + +o CVE-2014-0244: + All current released versions of Samba are vulnerable to a denial of + service on the nmbd NetBIOS name services daemon. A malformed packet + can cause the nmbd server to loop the CPU and prevent any further + NetBIOS name service. + + This flaw is not exploitable beyond causing the code to loop expending + CPU resources. + +o CVE-2014-3493: + All current released versions of Samba are affected by a denial of service + crash involving overwriting memory on an authenticated connection to the + smbd file server. + + +Changes since 3.6.22: +--------------------- + +o Jeremy Allison + * BUG 10633: CVE-2014-0244: Fix nmbd denial of service. + * BUG 10654: CVE-2014-3493: Fix segmentation fault in + smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.6 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================== Release Notes for Samba 3.6.23 March 11, 2014 ============================== @@ -49,8 +106,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================== Release Notes for Samba 3.6.22 -- 2.11.4.GIT